Redlof virus removal by changing the Windows registry

Redlof virus removal by changing the Windows registry

Post by tbrownin » Sat, 06 Sep 2003 06:13:19


I am running Windows ME and MS Office XP. I have a Linksys wireless
router and and DSL connection. I have Norton System Works installed.
NSW caught a virus called Redlof.html but could not remove or delete
it. I went to the NSW site for technical support and found the
article on how to remove this virus by editing the Windows Registry.
Here are the instructions they gave:

Step 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value
Kernel32

Step 2
Navigate to the key
HKEY_CURRENT_USER\Identities\[Default Use ID]\Software\
Microsoft\Outlook Express\[Outlook Version].0\Mail
In the right pane, delete the values
Compose Use Stationery
Stationery Name
Wide Stationery Name

Step 3
Navigate to the key
HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Options\Mail
In the right pane, delete the value
EditorPreference

Step 4
Navigate to and delete these subkeys:
HKEY_CLASSES_ROOT\dllFile\Shell
HKEY_CLASSES_ROOT\dllFile\ShellEx
HKEY_CLASSES_ROOT\dllFile\ScriptEngine
HKEY_CLASSES_ROOT\dllFile\ScriptHostEncode

I could not find the value kernel32 talked about in Step 1 and in Step
4 after \dllFile the only thing there was DefaultIcon. What do I do
now - any help would be appreciated.